Microsoft releases ten patches in its October security update

Mark Raby, 11th October 2006

Redmond (WA) - Microsoft has released its regular monthly security update and issued a wave of ten patches. Microsoft encountered problems with the initial distribution of the patch yesterday, but the sftware maker's security team was able to fix some problems that were widely publicized.

The October update went live on Microsoft's site early Tuesday, but many users did not get their hands on it for several hours. According to a blog entry from Craig Gehre, a member of Microsoft's security team, "network issues experienced on the Microsoft Update platform" caused a delay of the updates to become available via Microsoft Update, Automatic Updates, Windows Server Update Services, or Windows Update v6.pr.

The October package carries a total of ten updates. Six of these are rated "critical," which include an Excel vulnerability which allows hackers to plant malicious code remotely, as well as a known, already exploited hole in Word. Additionally, three other previously unknown security problems, and one update that fixes general holes throughout Office applications were fixed from the October patch. The update also addresses potential Denial of Service attacks.

The patch also takes care of the WebView security hole in Internet Explorer, which had already been actively exploited.

Finally, of less importance, the remaining updates apply to ASP.Net, Windows Object Packager, and the TCP/IP stack. The .Net-Framework 2.0 update patches a vulnerability that "could allow information disclosure", and for Windows Object Packager, the update closes a hole that allows for remote code execution. The least critical update, as ranked by Microsoft, is in TCP/IP, with mainly general updates. The patch fixes "several vulnerabilities in Windows, the most critical of which could allow a denial of service attack."

Details and the download of the patches can be found on Microsoft's Technet pages.